
This Week in Django is a weekly podcast about all things Django.
This week we discuss an XSS vulnerability, some cool projects and blog posts from the community, the Tip of the Week, and a question from IRC.
Please see the Show Notes below for all the pertinent information and links.
Downloads
AAC Enhanced Podcast (24.3 MB, 40:00, AAC)
MP3 Edition (27.5 MB, 40:00, MP3)
OGG Edition (21.7 MB, 40:00, Vorbis)
The Enhanced Podcast version contains screenshots and easy access links to all of the items we discuss throughout the podcast.
Feeds Available
iTunes Feeds are available. If you subscribe using the iTunes feeds, each podcast will be downloaded for you automatically when we release it.
iTunes Feeds
This Week in Django – AAC Edition
This Week in Django – MP3 Edition
Regular RSS Feeds
This Week in Django – AAC Edition
This Week in Django – MP3 Edition
This Week in Django – OGG Edition
Give Us Feedback
Want to give us some feedback on the show? We’re always looking for ideas or suggestions that will help improve each episode. Please contact us at feedback __at__ thisweekindjango.com.
Show Notes
Tracking Trunk (1:26)
- Removed mark_safe from the saved request path on the admin login form (7521) – This prevents a potential XSS attack. A formal announcement will be forthcoming.
- Django-Users Discussion
- Django-Developers Discussion
- Reporting security issues on Django
- Use the Security Email Address (security __at__ djangoproject.com) for reporting issues.
Community Catchup (7:56)
- Django Search – great aggregator and Google custom search of community blogs and projects by Alex Aster. Also check out his blog for some interesting posts.
- Django Blog Search by Kevin Fricovsky
- Django Search – similar solution by Tim Sloan.
- QuerySet.Update Improvement – Patch that allows an update to refer back to the column being updated, or to update with literal values.
- RailsEnvy Podcast Poll: Django Wins 2nd Place – The question was “What other Ruby frameworks are you interested in?”
- Перечисления на службе добра (Enumerations in the service of good) – Great post by Alexander Koshelev on different ways to handle choices in your models while keeping things DRY. It’s in Russian, but running it through Google Translate or something similar should help. The code samples alone are very educational.
- Byteflow Blog Engine – Pretty full featured blogging engine written in Django trunk.
- Changing language on the Admin – Marc Garcia presents a nice snippet that modifies the Admin so you can select the Admin language setting.
- FeedClowd is Open Source – The source code for FeedClowd was released.
- Research Journal: Django vs Rails Code Size (Original Post Here unless it’s still running Rails) – Interesting post by Eivind Uggedal comparing framework code size. It’s completely unscientific and meaningless, but interesting nonetheless.
Tip of the Week (28:15)
How can I break apart my models.py file into individual files?
- Breaking Apart Models in Django – Nice post by Patrick Altman that sums it up.
IRC Ad Nauseam (32:23)
Backwards Incompatible Changes Information
My login form isn’t working on the first attempt I log in. On the second attempt it works, though. How is this possible?
You probably neglected to send a test cookie on the first view of whatever page your login form is at.
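The symptom and its cause, as an added example that is not Django's code and not from the show: a pure-Python stand-in for Django's session test cookie, a form page that forgets to call set_test_cookie() on its first render, and a POST handler assumed to follow the login view's order of checks (reject when the test cookie did not round-trip, then plant it before re-rendering). Session, custom_form_page, login_post and attempt_sequence are constructed stand-ins; "correct" is a placeholder credential.

```python
TEST_COOKIE_NAME = "testcookie"   # key name Django uses for the test cookie (assumed)
TEST_COOKIE_VALUE = "worked"


class Session(dict):
    """Stand-in for request.session. The test cookie is just a marker stored
    in the session, which the browser carries in its session cookie; if the
    marker comes back on the next request, cookies demonstrably work."""
    def set_test_cookie(self):
        self[TEST_COOKIE_NAME] = TEST_COOKIE_VALUE

    def test_cookie_worked(self):
        return self.get(TEST_COOKIE_NAME) == TEST_COOKIE_VALUE

    def delete_test_cookie(self):
        self.pop(TEST_COOKIE_NAME, None)


def custom_form_page(session, forgets_test_cookie):
    """Your own page that renders the login form. The bug in the question
    is the branch that never calls set_test_cookie()."""
    if not forgets_test_cookie:
        session.set_test_cookie()
    return "form rendered"


def login_post(session, password):
    """Assumed order of operations of contrib.auth's login view: fail the
    POST when the test cookie did not round-trip, then plant the cookie
    before re-rendering, so the *next* submit from this browser passes."""
    if not session.test_cookie_worked():
        session.set_test_cookie()
        return "cookies required"
    if password != "correct":          # placeholder credential check
        return "bad credentials"
    session.delete_test_cookie()
    return "redirect"


def attempt_sequence(forgets_test_cookie, attempts=2):
    """Simulate one browser with cookies enabled: load the form page once,
    then submit correct credentials `attempts` times. Returns the outcomes."""
    session = Session()                # the same session persists across requests
    custom_form_page(session, forgets_test_cookie)
    return [login_post(session, "correct") for _ in range(attempts)]


if __name__ == "__main__":
    print("form page forgets set_test_cookie():", attempt_sequence(True))
    print("form page calls set_test_cookie():  ", attempt_sequence(False))
```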
Thank You! (37:34)
More information on Brian Rosner: http://oebfare.com/ and http://twitter.com/brosner/.


Great stuff as usual, THANKS. You forgot to mention http://www.davidcramer.net/code/126/django-db-log.html though, which I think many people would appreciate. As someone states in the comments, it's a pretty frequent question in the IRC channel.
“Перечисления на службе добра (Enumerations on the service it gathered) Great post by Alexander Koshelev”
Should be like ”Перечисления на службе добра”. You can copypaste this directly (;
with respect to FeedClowd: I’m a happy user of Profilactic.com. They also provide a lifestreaming service, and supports more sites “out of the box”. Unfortunately, their code is not open source.
Zu: Actually it’s correct in my browser. In fact I screenshot it for brosner to prove it. :)
foo: Yeah we debated it. It will probably appear next week alongside another similar product.
Eddy: Yeah Profilactic is a great product. In fact I’ve met the founders a couple of times, since they are part of the Louisville startup community. Good point.
www.djangonetcasts.com doesn’t resolve for me anywhere, is there a better feed link to use?
re: Cyrillic characters not working for everyone
If your browser is set to default to UTF-8 it seems to work fine, but if you have it set for something else it looks like gobbledegook. If you add a meta http-equiv to the head or set the charset for the Content-Type header, it will probably work consistently on most browsers.
Haitek, Not sure where you’re getting the feed but it should be: media.djangonetcasts.com/twid_[format].xml
huxley: good point.
The href in your entries points to: http://www.djangonetcasts.com/twid/episode/23/ This Week in Django 23 – 2008-05-18
Basically when I add the feed url as a smart link, it dies a painful death in Mozilla and Winamp.
Haitek: thank you for the info. I’ll look into that and see what I can do. I apologize for the mess up.
Thanks for the Feedclowd props, when you say “They” you mean “Me” :)
Thanks!